IT Security News Blast 4-24-2017

“But in this future collaborative economy, security is likely to become a completely different ball game and require organisations to change the way they think about security,” said Hamerlinck. “Likewise, security companies currently selling products for specific sectors probably need to rethink their future business model,” he said. Just as banks are moving to offering capabilities to third parties through open APIs, Hamerlinck said security suppliers should consider a business model for providing security capabilities in a similar way.

With the collapse of the Eastern Bloc, the international community has changed beyond recognition. Nation states have formed new alliances, made new enemies, and new ideological structures have sprung up in a bid to wield their influence unrestricted by physical borders. For smaller nations and ideological organizations, cyber hacking enables guerrilla warfare against other nations, some of which will be much bigger and more powerful. Non-state actors, such as ISIS, increasingly turn to cyber hacking to keep up the pressure on the international community and strengthen their position in a vulnerable area of the world.

Cyber attack on Buffalo hospital has Rochester facilities on high alert

Even two weeks after the virus was detected, the Erie County Medical Center, or ECMC, is still using pen and paper for each patient’s reports. […] “We knew it before and even more now, and more painfully since, that these types of instances are occurring across the country in health care organizations around the world,” Cutler added. Because for hospitals, every minute counts.

Though SIEM technologies are supposed to help secure the networks, Grigg said that they are often misconfigured, which creates more vulnerabilities. Even though some of the legacy tools are pretty cool, Grigg said the problem is that no one really knows the platform that well. “The vendor who built it knows it from a design standpoint. Then there’s the resellers, the guys who install it, the internal IT guys who inherit the systems, but they tend to never really focus on it.”

Now I understand headlines get clicks, the more dramatic the headline the more clicks you are likely to get, but come on guys, there is such a thing as integrity. To suggest Cylance is facing a “fraud controversy” or provided “fake malware” is complete and utter tosh. While we are in a tosh talking mood let’s talk about “Tanium exposes hospital records” and Tanium “fires employee right before their stock options vested”, again complete and utter tosh.

Either use node.js to directly interact with the Windows API (e.g. to disable application whitelisting or reflectively load an executable into the node.js process to run the malicious binary on behalf of the signed process) or write the complete malware in node.js. Both options have the advantage that the running process is signed and therefore bypasses anti-virus systems (reputation-based algorithms) by default.

Though the CIA and FBI have constantly improved their cyber defenses, the overall network structure of the United States is in itself vulnerable to attack. This is by far the weakest spot in American defenses that the North Koreans can easily exploit. A major security breach due to hacking may compromise top secret intel on troop deployment, sensitive information regarding missions and orders, and also access to various equipment and weapons.

On Friday morning, a series of power outages struck New York City, San Francisco, and Los Angeles. Officials tracked down the root causes of each issue, none of which seemed to be related to cyber attacks, but the incidents got a lot of people thinking about how vulnerable the United States’ power grid is to terrorist attacks — not to mention weather and squirrels.

A Russian super-hacker who is the son of a prominent politician was sentenced Friday to 27 years in federal prison for stealing and selling U.S. credit card numbers — and his defense lawyer blamed “politics” for the harsh penalty. Roman Seleznev, 32, was convicted of a massive cyberattack scheme that authorities said cost thousands of businesses from banks to pizza parlors at least $169 million and forced at least one into bankruptcy.

Free and easy-to-use hacking tools are helping many young people slip into a life of cyber-crime. The National Crime Agency (NCA) has detailed the “pathways” taken by people who become criminals. The report has stated that many have started getting involved with game cheat codes and mods on various websites and forums. The report is based on a small number of interviews with people who have been arrested or cautioned for computer-based crimes. Of the various people who were interviewed, many were teenagers with an average age of around 17.

“That is why we recommend the reinstatement of both the federal Chief Information Officer (CIO) and CISO positions, but with greater authority,” Waddell said. “The next federal CIO and CISO must have the ability to positively affect change, have a depth of experience in both the technical and managerial aspects of cybersecurity, and must be advocates for effective, holistic cybersecurity solutions that include people, process and technology as equally essential components.” Other recommendations include the expansion of training in order to recruit from a broader base – not just technical personnel, but to instill in everyone an awareness of security risks and “cyber literacy across all departments within federal agencies.”

They are a class of honors students at the University of Maryland, College Park who can read in C-code, compute in binary, and whose studies have brought them to this new frontier in cybersecurity education. “We turn them loose on the larger campus network,” said their instructor, Rob Maxwell, who has presented his teaching method at security conferences. “I’ve gotten some interest and a few people alarmed at the notion.”

Nuh-uh, Google, you WILL hand over emails stored on foreign servers, says US judge

During a hearing on Wednesday in California, magistrate judge Laurel Beeler rejected the advertising giant’s objections to a US government search warrant seeking data stored on its foreign servers. The Mountain View goliath had filed a motion to quash the warrant, and was denied. The warrant, issued on June 30, 2016, ordered Google to hand over information on a number of specific Gmail accounts, including message content, attachments, metadata, and locational data.

Google: Requests for users’ data have soared, so we need new cross-border rules

[Due] to a persistently high volume of requests from international governments Google is calling for a more efficient legal process than the Mutual Legal Assistance Treaty (MLAT). It allows non-US countries that have an agreement with the US to seek electronic evidence from US tech firms via the Justice Department. Over the past three years US requests have remained steady, while European law-enforcement requests continue to grow. Requests by the US are down slightly to 13,682 from 14,168 in the first half of 2016.

A report published by Kaspersky Lab on Thursday shows that the number of attacks involving exploits increased significantly in 2016 compared to the previous year, but the number of attacked users actually dropped. […] This indicates that while fewer users encountered exploits, the likelihood of coming across an exploit increased as the number of websites and spam messages delivering such threats has continued to grow.

The entire U.S. technology industry, including the cybersecurity sector, is heavily dependent on foreign talent. Not only are U.S. companies interested in hiring the smartest people available, no matter where they are from, but there is also a severe shortage of infosec professionals. So when President Donald Trump signed an executive order on Tuesday that is expected to restrict immigration, the tech industry responded in force. The very next day, more than 160 technology companies signed an amicus brief arguing that American innovation and economic growth are tied to immigration, and that the executive order will harm the competitiveness of US companies.

The Drug Enforcement Administration is in the hacking business. As a Motherboard investigation previously found, the DEA purchased malware from Italian surveillance vendor Hacking Team as early as 2012. Newly released documents show the DEA was invoiced for another Hacking Team service too though: access to a cache of zero-day exploits. “Exploit Portal Full Access (Zero-Day level),” an item in an October 2012 invoice from Cicom USA, Hacking Team’s US subsidiary, to the DEA, reads.

“We found that no matter how wealthy or how poor a person is, no matter her education level, the speed of her internet service or whether she has a smartphone, a person’s online safety is closely related to where, and from whom, she gets advice about online security,” reports Redmiles. “Approximately 70 percent of Americans learn about online security behaviors as a result of advice shared by friends, family and co-workers, or on websites they visit.”

But between having faith in their cybersecurity programs — and their employees’ vigilance — and thinking their industry isn’t attractive to hackers because they don’t deal with consumer PII, many manufacturers believe they don’t need a cyber-risk insurance policy. […] Insurers expectedly say manufacturers should strongly consider cyber-risk insurance because, even if the manufacturers are not handling customers’ PII, they’re storing employee PII, vendor data and their own sensitive financial and operational information. Moreover, insurers say, manufacturers are at risk of a breach-initiated industrial shutdown.

Well-connected security biz FireEye is claiming Chinese hackers are trying to break into South Korea’s military to halt the deployment of an anti-ballistic weapons system in the country. […] Hultquist claimed that two Chinese cracking teams were spotted carrying out the digital attack – which kicked off after South Korea agreed to host missile systems and radars that form the THAAD. China has long been in opposition to the deployment since it was announced, and now FireEye is claiming that the Middle Kingdom has gone on the cyber-offensive.

The bugs also give attackers the chance to bypass CGI scripts, steal private information, and even manipulate restricted settings. Not only that, but attackers using this method can execute commands with root privileges and create the sort of backdoor accounts used for persistent access, which would not be visible in the router’s smart management console.

According to the report, Trend Micro recently found the malicious backdoor program embedded within approximately 200 unique Android apps, each of which was installed anywhere between 500,000 and a million times from Google Play. These apps were posing as style guides, children’s books, drawing applications and other recreational apps. “We surmise that these are legitimate apps which cybercriminals repackaged and trojanized then republished in Google Play, banking on their popularity to draw victims,” the blog post stated, adding that Google removed the apps after Trend Micro privately disclosed them.

About Critical Informatics

We are world-class information security professionals providing Managed Detection and Response services to help you be secure, compliant, and resilient against threats to the life safety, life-sustaining, and quality-of-life systems and services you provide to clients, customers, constituents, and communities.